PHI Breach Reported By Alaska DHSS and Kaiser Permanente

Alaska Department of Health and Social Services found a Trojan horse virus on two of its computers. The virus possibly made it possible for malicious actors to obtain access to the information saved on the devices.

The Communications Director of the Alaska DHSS, Katie Marquette, released an announcement verifying the potential HIPAA breach of over 500 persons. Currently, the precise number of people impacted was not yet disclosed.

A scrutiny of the two computers infected with malware revealed that it is possible that attackers located in the Western region, obtained sensitive data like Office of Children’s Services (OCS) files and reports. Those docs covered information on family case files, healthcare diagnoses and findings, personal data and other related details.

The breach is still being investigated by the DHSS Information Technology and Security team and trying to figure out the precise nature of the breach and if the malicious actor accessed or stole any sensitive information.

The people affected by the breach are going to be informed sooner or later and will be given current details about the progress of the investigation. At the moment, the breach seems to be restricted to persons who previously got in contact with the Office of Children’s Services.

Because of the probable data misuse, those people were advised to safeguard themselves from identity theft and fraud and must cautiously examine their Explanation of Benefits statements and other accounts and get a credit report from any of the credit monitoring agencies Equifax, Experian, TransUnion to find any indicators of bogus transactions.

On the other hand, Kaiser Permanente is informing around 600 members from Riverside, CA regarding privacy breach due to the sending of emails with their PHI to the wrong recipient.

The email included a information such as names, details of medical procedures and medical record numbers. There was no Social Security numbers, financial data or other sensitive information disclosed.

The incident happened on August 9, 2017. The privacy breach resulted from a mistake made by a staff when inputting an email address. The email address owner who received the message is unknown at the moment. Kaiser Permanente is convinced this was a mistake and did not have any malicious motive, though the investigation is still continuing to eliminate the probability of foul play.